I am new to system administration and I have a permission related query. I have a group called administration. Inside the administration group, I have the users user1, user2, user3, superuser. All the users are in the administration group. Now, I need to give permissions to the user superuser to be able to view the /home directory of the other users. However, I do not want user1, user2, user3 to see the home of any other user other than himself. (That is, user1 should be able to see only user1's home and so on).
I have created the users and groups and assigned all the users to the group. How should I specify the permissions for the superuser now?
In other words, I'm thinking of having two groups (say NormalUsers and Superuser). The NormalUsers group will have the users user1, user2 and user3. The Superuser group will only have the user Superuser. Now, I need the Superuser to have full access on the files of users in the group NormalUsers. Is this possible in Linux?
Best Answer
If the users are cooperative, you can use access control lists (ACL). Set an ACL on the home directory of
user1(and friends) that grants read access tosuperuser. Set the default ACL as well, for newly created files, and also the ACL on existing files.user1can change the ACL on his files if he wishes.If you want to always give
superuserread access touser1's files, you can create another view of the users' home directories with different permissions, with bindfs.Files accessed through ~superuser/spyglass/user1 are world-readable. Other than the permissions,
~superuser/spyglass/user1is a view ofuser1's home directory. Sincesuperuseris the only user who can access~superuser/spyglass, onlysuperusercan benefit from this.